TUV Rheinland: Cybersecurity Trends 2018

COLOGNE, Germany, May 10, 2018 /PRNewswire/ -- How can businesses better protect themselves from the increasing volume and complexity of cyberattacks while preparing for the opportunities of automation and digitalization of industries?

"Our goal is raise awareness to increasing cybersecurity risks impacting business and safety of our clients," shared Frank Luzsicza, Executive Vice President ICT & Business Solutions, TUV Rheinland. "In this year's report, we focus on where we see the most significant threats and opportunities emerging. We highlight the implications of our increasingly connected world, how global regulation is responding, the need to inject trust into cybersecurity, ways to protect ourselves from 'intelligent' cyberattacks, and what we should do to close the skills gap in an environment starved for cybersecurity talent, yet overwhelmed by volumes of data," said Frank Luzsicza. Similar to previous years, our report is based on a survey of TUV Rheinland's leading cybersecurity experts and input from clients in Europe, North America and Asia.

Following are highlights of the 8 cybersecurity trends identified this year:

TREND 1: A rising global tide of cyber-regulation increasing the price of privacy

Data protection is a critical concern in an increasingly digital world and May 25, 2018 is a turning point for data protection in Europe. It marks the end of the transitional period for the EU General Data Protection Regulation (GDPR) as it becomes enforceable by law. It disrupts data governance and how information is protected for any organization controlling or processing EU citizen personal data, and leads a growing list of emerging data protection regulations from around the globe. Failure to comply could result in fines of up to 4% of global turnover – a significant sum that demands attention. Expect to see the EU Commission hold major global companies accountable for GDPR violations.

TREND 2: The Internet of Things drives the convergence of safety, cybersecurity, and data privacy

In 2016, Mirai proved that Internet of Things (IoT) devices can be effectively weaponized as botnets. Today, product development, time to market considerations, and technical power constraints leave IoT devices exposed by exploitation of critical vulnerabilities. The impact of data breaches now extends far beyond simple data monetization to 'kinetic' threats to health and safety, as devices and systems are directly connected to open networks. It is widely accepted that the state of IoT security is poor and, with over 500 connected devices expected to cohabit with us in our homes by 2022, these represent a major risk to safety, cybersecurity, and data privacy.

TREND 3: Operational Technology emerges as a frontline for cyberattacks

The industrial internet is already transforming global industry and infrastructure, promising greater efficiency, productivity and safety. To compete means to move process equipment online, often unwittingly exposing component vulnerabilities to cyberattacks. Manufacturing plants are targeted to obtain intellectual property, trade secrets, and engineering information. Attacks on public infrastructure are motivated by financial gain, hacktivism, and national state agendas. Fear of a 'worst-case scenario', where attackers trigger a breakdown in systems that underpin society, was highlighted this year at the World Economic Forum. Industrial systems are particularly susceptible to supply-chain attacks, adversaries have recognized this, and are targeting them.

Recent cyberattacks on high-profile organizations are proving that, against the sophisticated and persistent cybercriminals, preventative controls alone are not enough. Today, it takes organizations, on average, over 191 days to detect a data breach. The longer it takes to detect and respond to threats the greater the financial and reputational damage done to the organization by the incident. Due to the vast growth of security log data, limitations of incumbent technologies, ineffective use of threat intelligence, inability to monitor IoT devices, and shortage of cybersecurity talent, organizations are exposed to costly dwell times.

TREND 5: Increasing use of Artificial Intelligence for cyberattacks and cyber defence

As organizations undergo a digital transformation, there is a growing volume of increasingly sophisticated and persistent cyberattacks. Malware is becoming smarter, able to 'intelligently' adapt to and evade traditional detection and eradication measures. With a global shortage of cybersecurity talent, organizations are losing the cyber arms race as a result. The volume of security data now far exceeds our legacy capability to use it effectively, leading to a growing number of AI-enabled cybersecurity use cases: accelerating incident detection and response; better identifying and communicating risks to the business; providing a unified view of security status across the organization.

TREND 6: Certifications become necessary to inject trust into cybersecurity

It is broadly accepted that cybersecurity and data protection are of critical importance in an increasingly digital world, but how can you judge the effectiveness of an organization's cybersecurity posture? There is a growing concern for trust in cybersecurity, evidenced by existing and emerging standards. For CISOs and product manufacturers alike, certification validates you have done what you say you have done. Today, however, product security assurance certification schemes tend to focus on the critical infrastructure and government sectors only. Where does that leave the manufacturers of consumer products?

TREND 7: Passwords being replaced by biometric authentication

Our digital lives are ruled by a complex web of online apps each requiring a username and password to control access. To protect the data behind these apps, selecting an obscure and complex password, and changing it often, is good practice, but also quite rare. With exponential improvements in computing power, and easy access to lots of it in the cloud, the time it takes to brute force passwords is rapidly reducing. What took nearly 4 years in 2000, now takes only 2 months. Add to that the fact stolen, hacked, and traded, passwords have never before been so openly available. As a result, it is increasingly commonplace to encounter biometric authentication (facial, fingerprint, iris, and voice) included in everyday mobile, tablet, and laptop devices, as well as physical access and online services.

TREND 8: Industries under siege: Healthcare, Finance, and Energy

The majority of cyberattacks are undertaken by criminal organizations and are motivated by money. The value of information on the dark web depends on demand for the data, the available supply, its completeness, and ability for reuse. As a result, healthcare and financial personal information are highly sought after. Medical records can fetch $1-$1,000, depending on how complete they are, while credit cards can fetch only $5-$30 dollars, if bundled with the information necessary to do immediate damage. Other cyberattacks have more political and nation-state motives, here disruption to critical services through attacks on the energy sector is a key risk in 2018; as evidenced by recent news of Russia's campaign of cyberattacks targeting the US power grid, which is suspected to have been underway for several years.

TUV Rheinland is a global leader in independent inspection services, founded 145 years ago. The group maintains a worldwide presence of more than 20,000 people; annual turnover is nearly EUR 2 billion. The independent experts stand for quality and safety for people, technology and the environment in nearly all aspects of life. TUV Rheinland inspects technical equipment, products and services, oversees projects, and helps to shape processes and information security for companies. Its experts train people in a wide range of careers and industries. To this end, TUV Rheinland employs a global network of approved labs, testing and education centers. Since 2006, TUV Rheinland has been a member of the United Nations Global Compact to promote sustainability and combat corruption.

For almost 20 years, TUV Rheinland has been supporting the private and public sector with comprehensive consulting and solution expertise in Cybersecurity and Telecommunications through digital transformation processes. The business stream's core business areas include cybersecurity solutions, digital transformation consulting, planning of telecommunication infrastructures, IT services, management consulting and development of innovative research projects.

With more than 600 specialists around the world, ICT & Business Solutions provides a comprehensive service portfolio for a protected digital enterprise. For more information please visit http://www.tuv.com/informationsecurity